
Security Engineer (DE & Integration)

Company: Help AG
Location: Dubai, UAE
Job type: full time
Category: Security
Salary: Not disclosed
Posted: 5/4/2026

Job Description

Help AG is looking for a Security Engineer (DE & Integration) who will be responsible for creating procedures, implementing process development, onboarding customers to MSS, and maintaining threat content across internal and client environments. The Engineer will work closely with Management, the Content Team, other Security Engineers, and clients to deliver high-profile, critical services to existing Managed Security Service clients. This position will be based in Dubai, UAE and will be responsible for enhancing detection content for the Cyber Security Operations Center (CSOC). This requires curiosity, creativity, and critical thinking skills, as well as attention to detail, strong organizational skills, and the ability to work in a highly collaborative environment. The individual will also focus on mapping existing content to the MITRE ATT&CK framework, proposing new content development opportunities, and collaborating with CSOC team members to tune existing content and to create and enhance operational documentation, in support of the Content Team, the Detection Team, and the Engineering Team.

Responsibilities

• Manage and onboard the Azure M365 Suite and Microsoft Cloud Security solutions.
• Deploy and manage SIEM infrastructure – Splunk & Sentinel (MUST).
• Deploy and manage Cribl infrastructure – Stream, Edge and Search deployments.
• Deploy and manage Vulnerability Management solutions (Tenable, MDVM) & NDR.
• Integrate various data sources into SIEM – Splunk, Sentinel, LogRhythm & Securonix.
• Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
• Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity.
• Leverage the MITRE ATT&CK framework, monitor the threat landscape, and evaluate existing data sources to identify opportunities for new detection and response content.
• Research and innovate new mitigation, detection, and response capabilities based on industry trends, customer feedback, and personal research.
• Support the onboarding of new data sources by developing relevant EDR/SIEM content.
• Develop EDR/SIEM detection use cases and review them with relevant stakeholders, such as engineers and others.
• Develop and maintain a content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments.
• Document and communicate detection capabilities and gaps clearly and effectively using multiple industry frameworks, including MITRE ATT&CK, the Cyber Kill Chain, and NIST.
• Design, develop, and monitor dashboards and reports that provide information on content coverage, alerting, and fidelity.
• Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations.
• Assess customer needs and expectations, design solutions to meet those needs, and then implement the design.
• Quickly build and solve a problem using a new technology to determine viability.
• Serve as a primary responder for Managed Security customer systems, taking ownership of issues and tracking them through resolution.

Qualification & Skills

• College degree or equivalent training with experience working in a Security Operations Center and/or Managed Security.
• Minimum 6 years of professional experience supporting and maintaining threat content, as well as the Splunk SIEM system, is mandatory.
• Microsoft Security certifications (SC-200, SC-300, AZ-500).
• Splunk certifications (Splunk Certified Architect / Admin).
• GIAC (GCDA, GCIA, GCIH) or equivalent advanced security certifications.
• Experience and knowledge of SIEM is essential.
• Professional experience working with networks and network architecture.
• Information security knowledge in one or more areas such as EDR – enterprise endpoint security products (e.g., McAfee ePolicy Orchestrator, VirusScan, Anti-Spyware, Host Data Loss Protection, Endpoint Encryption, etc.).
• Practical hands-on experience with EDR (Carbon Black), Vectra, and Microsoft Azure.
• Splunk, Azure Log Analytics, or equivalent big data engine experience.
• Experience with MS Azure Information Protection and related technologies, including solution architecture, deployment, management, and support in a large global enterprise.
• General security knowledge; certifications in Splunk Admin, Splunk Architect, and Splunk Consultant are a must. Azure, managed vulnerability (Nessus/Tenable), EDR (Carbon Black) and firewall-related security certifications are also good to have.
• Experience working with internal and client ticketing and knowledge base systems for Incident and Problem tracking, as well as procedures.
• Knowledge of Linux and Windows operating systems.
• Experience with various other SIEM security products such as Splunk, ArcSight, Nitro, or LogRhythm, and infrastructure components such as proxies, firewalls, IDS/I
FRW is a licensed agency (RL-3017). Worker registration and job applications are always free. Never pay anyone claiming to charge you to apply.